Tip

Tasks for initial switch configuration

In most instances, you can take any brand of switch out of the box, turn it on and, without any configuration whatsoever, have it provide the connectivity you need, much like an unmanaged hub would. In this tip, we'll look at when you need to configure something extra.

First things first; there's a minimum level of security that every network device should meet. That would include:

  • setting the password. (You won't like it if an intruder sets it for you.)
  • setting community strings (especially if they're set to "public" and "private") or turning off SNMP if you don't intend to use it
  • turning off all the methods of administration you won't use, especially the Web interface
  • configuring logins or an authentication server (RADIUS or TACACS+) if you have one
  • configuring a syslog server to store log entries remotely
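The minimum list above can be checked mechanically against a saved configuration. The following is an added example, not part of the original tip: it assumes Cisco IOS-style configuration syntax, and the function name, the two sample configurations and the addresses in them are constructed for illustration.

```python
import re

# Constructed sample: an IOS-style configuration left close to factory state.
SAMPLE_CONFIG = """\
hostname sw-access-01
ip http server
snmp-server community public RO
snmp-server community private RW
"""

# Constructed sample: the same switch after the minimum list is applied.
HARDENED_CONFIG = """\
hostname sw-access-01
enable secret 5 $1$constructed$placeholder-hash
tacacs-server host 192.0.2.20
no ip http server
no ip http secure-server
no snmp-server
logging host 192.0.2.10
"""


def audit_baseline(config: str) -> list[str]:
    """Return the items from the minimum security list that the config fails."""
    lines = [ln.strip() for ln in config.splitlines()]

    def has(pattern: str) -> bool:
        # re.match anchors at line start, so "no ip http server" never
        # satisfies a pattern that begins with "ip http".
        return any(re.match(pattern, ln) for ln in lines)

    findings = []
    if not has(r"enable (secret|password) "):
        findings.append("no enable password set")
    if has(r"snmp-server community (public|private)\b"):
        findings.append("default SNMP community string in use")
    if has(r"ip http (secure-)?server$"):
        findings.append("web interface enabled")
    if not (has(r"username \S+ ") or has(r"(tacacs|radius)[- ]server ")):
        findings.append("no logins or authentication server configured")
    if not has(r"logging (host )?\d+\.\d+\.\d+\.\d+"):
        findings.append("no remote syslog server configured")
    return findings


if __name__ == "__main__":
    for finding in audit_baseline(SAMPLE_CONFIG):
        print("FAIL:", finding)
```

Other vendors use different keywords, so the patterns need adjusting per platform; the five checks themselves map one-to-one onto the list.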

The rest of our configuration list depends on what you intend to do with the switch and, to some extent, how complex your environment is.

  • If you have more than one switch in a broadcast domain, you'll want to configure Spanning Tree Protocol. This will probably be turned on and work by default, but it might select a root bridge that will give you suboptimal convergence. Set the bridge priority on the switch you want to be root, and leave the rest default.
  • If you have more than one IP subnet on a switch, you may need to configure VLANs or trunk ports. Don't forget to put user ports into the appropriate VLANs after you create them. Note that if you are using a Cisco switch, even if you only have one subnet, I strongly recommend that you do NOT use the default VLAN 1 as this behaves somewhat differently than other VLANs. Create another VLAN and put all the ports into it.
  • If you plan to connect IP phones, then you may need to configure "voice VLANs" and also enable Power over Ethernet. PoE may be disabled by default.

There are, of course, dozens of other things you can do to make your network better, like configuring labels on each port to help you track what device is plugged into them, manually setting the speed and duplex on some ports, or turning off unneeded protocols like PAgP. But this list should be sufficient to get most networks up and running with a reasonable effort.


Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years' experience in the networking industry, and co-author of several books on networking, most recently, CCSP™: Secure PIX and Secure VPN Study Guide published by Sybex.


 

This was first published in May 2005
